Run your internal operations
on Supabase.
Supasheet turns any Supabase project into a complete internal operations platform. Auto-generated CRUD, multiple data views (grid, kanban, calendar, gallery, list), built-in auth with MFA, fine-grained RBAC, configurable dashboards, charts, file storage, and audit logs, all in one open-source React app.
Internal tools shouldn't take weeks.
Yet every team keeps rebuilding the same CRUD, dashboards, and permission plumbing. Supasheet ships the whole layer, once, open source, on your Supabase.
Building internal tools is repetitive
Every CRUD screen is the same, list, detail, form, delete. Yet every team rebuilds them from scratch for every project.
Low-code platforms are a per-seat tax
Retool, Forest, and friends charge per-seat forever. The bill scales with your team, and you don't own the code that runs your ops.
Rolling your own auth + RBAC is risky
Permission systems are easy to get wrong. Bugs leak data, audits find gaps, and incident reports get written at 3am.
Everything internal ops needs, built-in
Stop stitching together libraries and SaaS tools. Supasheet ships the full stack, CRUD, auth, RBAC, dashboards, files, and audit, as one open-source app.
Auto-generated CRUD
Add a table, get list, detail, create, and edit screens automatically. Field types are detected from your schema and rendered with the right input.
Multiple data views
View the same data as grid, kanban, calendar, gallery, or list. Drag tasks across kanban columns, schedule on calendars, browse galleries, switch with a click.
Built-in authentication
Sign-in, sign-up, OAuth (Google + GitHub), TOTP-based MFA, password reset, and identity linking, wired to Supabase Auth out of the box.
Fine-grained RBAC
Role-permission matrix enforced by Postgres RLS. The UI gates the same way for UX, but security is enforced at the database, even leaked client keys can't bypass it.
Configurable dashboards
KPI cards, metric tiles with sparklines, mini-tables, and chart widgets. Mark a view as a dashboard widget, it shows up. Per-widget permission gating included.
Five chart types
Area, bar, line, pie, and radar, auto-rendered from your views. Use them inside dashboards or as standalone analytics pages. No JavaScript required.
File storage
Drag-and-drop uploads, folder navigation, inline image and PDF preview. Permission-controlled buckets with dynamic upload paths that respect your RBAC.
Audit logs
Every INSERT, UPDATE, and DELETE captured by Postgres triggers. Old data, new data, changed fields, user, role, timestamp, compliance-ready out of the box.
User management
Create, invite, edit, and delete users via Supabase's Admin API behind permission checks. Invite by magic link, manage roles, view per-user audit history.
The same data, every way your team works
Configure once in the table comment, switch views with a click. Each view is built for a specific workflow, from spreadsheet edits to kanban pipelines to calendar scheduling.
Grid View
What teams build with Supasheet
Eleven pre-built example schemas ship with the repo, clone one, run the migrations, and start operating. Or wire up your own and Supasheet renders the UI for free.
Project & task management
Run sprints, track tickets, and ship work. Kanban boards, calendars, and dashboards wired to your tasks table.
CRM & sales pipeline
Manage deals, contacts, and accounts without per-seat fees. Drag deals through stages, track activity, run pipeline reports.
E-commerce ops
Run the back-office for a store: products, orders, customers, and reviews. Rich-text descriptions and image galleries included.
HR & people ops
Employee records, leave requests, performance cycles. Permission-gated by role so HR sees what HR should see.
Finance & inventory
Invoicing, budgets, procurement, manufacturing, and quality control, all driven by the same metadata model.
LMS & content
Courses, enrollments, lessons, and certificates. Author with rich text, track progress, gate by role.
How Supasheet compares
Other tools either lock you in, charge per seat, or stop short of a complete internal-ops stack. Supasheet ships everything, and you keep the code.
| Feature | Supasheet | Retool | Supabase Studio | NocoDB | Directus |
|---|---|---|---|---|---|
| Open source | |||||
| Self-hostable | |||||
| Auto-generated CRUD | Manual | ||||
| Multiple data views (kanban, calendar…) | |||||
| Built-in auth + MFA | Managed | ||||
| RBAC enforced by DB (RLS) | App-layer | App-layer | |||
| Configurable dashboards | |||||
| File storage UI | Plugin | ||||
| Audit logs | |||||
| No per-seat fees | |||||
| You own the React code | N/A |
Comparison reflects publicly documented features at time of writing. Verify against current vendor docs for your use case.
Why Supasheet?
Six reasons teams pick Supasheet over rolling their own admin panel or paying per-seat for a low-code tool.
Internal tools shouldn't take weeks
Stop rebuilding the same CRUD, auth, and dashboards every project. Define a table, get a working ops screen, nothing to glue together.
Everything in one app
CRUD, multiple views, auth, RBAC, dashboards, charts, file storage, and audit logs. One open-source app, not seven SaaS subscriptions.
RBAC enforced by the database
Permissions live in Postgres. Every table has RLS policies that check the role-permission matrix, even a leaked client key can't bypass it.
Built natively on Supabase
Auth, storage, edge functions, realtime, all leveraged. Run on Supabase Cloud or self-host with the open-source stack.
Type-safe end to end
Routes, queries, forms, and the database schema are all typed. Refactor without fear, TypeScript catches breakage before runtime does.
You own the React code
It's a React app. Fork it, brand it, embed it. No per-seat tax. No vendor lock-in. No SaaS escape velocity to plan for.
Questions, answered
Everything teams typically ask before building their internal ops on Supasheet.
Do I need to know React to use Supasheet?
For everyday CRUD use, you only write SQL, Supasheet generates the screens automatically. To customize components or add bespoke routes, basic React helps.
Does it work with my existing Supabase project?
Yes. Run the migrations from supabase/migrations/, point Supasheet at your project URL and anon key, and your tables show up as managed resources.
Can I customize the look and feel?
Yes. It's a standard React + Tailwind + shadcn/ui app. Override CSS variables for theme colors, swap components, or fork it entirely, you own the code.
How does authentication work?
Supabase Auth handles sessions. Supasheet ships sign-in, sign-up, OAuth (Google, GitHub), MFA (TOTP), password reset, and identity linking out of the box.
How are permissions enforced?
Roles and permissions live in supasheet.role_permissions. Every table's RLS policy checks supasheet.has_permission('schema.table:action'). The UI gates the same way for UX, but the database is the source of truth, even leaked client keys can't bypass it.
Can I add custom views or routes?
Yes. It uses TanStack Router with file-based routing, drop a .tsx file in src/routes/ and it's a route. All the data, auth, and permission hooks are reusable.
Does it support multiple schemas / multi-tenancy?
Yes. Routes are scoped under /$schema/. Use Postgres schemas as logical tenants, or as one schema per module (CRM, HR, finance, etc.).
Is there a hosted version?
The demo at 0.supasheet.app is hosted by the project. For production, self-host the React app and point it at Supabase Cloud or self-hosted Supabase.
What does it cost?
Supasheet itself is open-source and free. You only pay for the infrastructure you run, your Supabase project and wherever you host the React app.